MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SnakeKeylogger

Vendor detections: 19

Intelligence 19 IOCs YARA 16 File information Comments

SHA256 hash:	adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490
SHA3-384 hash:	04e6839aed77a12f407afb1ca80baf88f4215b8cfe60e616ca2dc6bf3a1181020ad362d298f9fd7436cc492545de7e25
SHA1 hash:	390ed341eca790d915ad2a8996ccaa0fb23175ce
MD5 hash:	0e70319987a5b1cd53be39ab9fed11ca
humanhash:	victor-yankee-north-robert
File name:	adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490
Download:	download sample
Signature	SnakeKeylogger Create hunting rule
File size:	750'080 bytes
First seen:	2025-10-14 11:04:36 UTC
Last seen:	2025-11-06 10:22:23 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	12288:DQ4fRlkz1nnoi1EFJVY0zZXiZzs1fMHlijFoCwX9TO7xKqX:DDfAIY0z0ZzWEFij7wX9y1
Threatray	3'807 similar samples on MalwareBazaar
TLSH	T124F4BEB1F2B58455D88863B14926D83011E35DBCECA1D30ED5DABDA77AB3FC2089290F
TrID	71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10522/11/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	JAMESWT_WT
Tags:	exe SnakeKeylogger webmail-ki-lojaobrinquedos-com-br

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490

Verdict:

Malicious activity

Analysis date:

2025-10-14 11:15:48 UTC

Tags:

snake keylogger evasion stealer

Link:

https://app.any.run/tasks/1bd167eb-07d1-4407-9e3b-cff001de70b1

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Snake

Link:

https://www.capesandbox.com/analysis/32663/

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68ee2e8604e22ce9acd9ec21

Tags:

backdoor micro hype

Result

Verdict:

Malware

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

obfuscated packed packed packer_detected vbnet

Link:

https://www.filescan.io/uploads/68ee2ec54f3013c55e4d4017/reports/4e36b8fc-5206-4218-984e-5b38c39aa4b6/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-10-13T04:50:00Z UTC

Last seen:

2025-10-16T09:33:00Z UTC

Hits:

~10000

Detections:

Trojan-Spy.Agent.SMTP.C&C Trojan.Crypt.TCP.ServerRequest PDM:Trojan.Win32.Generic Trojan-PSW.Win32.Stealer.sb Trojan.MSIL.Inject.sb Trojan.MSIL.Crypt.sb HEUR:Trojan.MSIL.Taskun.gen VHO:Trojan-PSW.Win32.Convagent.gen Trojan-Spy.MSIL.SnakeLogger.sb Trojan.MSIL.Taskun.sb HEUR:Trojan-Spy.MSIL.Agent.sb

Link:

https://opentip.kaspersky.com/adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490/results?tab=lookup

Malware family:

Snake Keylogger

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/c1ef5f1e-71ae-4fd5-8c6a-9f56f596caa7

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490

Verdict:

inconclusive

YARA:

10 match(es)

Tags:

.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.25 Win 32 Exe x86

Link:

https://app.malva.re/file/0e70319987a5b1cd53be39ab9fed11ca

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490/

Verdict:

Malicious

Threat:

Family.SNAKE

Link:

https://tip.neiki.dev/file/adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490

Threat name:

Win32.Trojan.Kepavll

Status:

Malicious

First seen:

2025-10-13 12:16:54 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

20 of 24 (83.33%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=vw6yxeckws7kn73c7ji7ndaruhivsp6krdepkvsrb5vcozgzqsia._file

Verdict:

malicious

Label(s):

unc_loader_037

404keylogger

SnakeKeylogger

543b0d455d409155d088d96f0ea8ec6ae11edd0d18d5c39e949d4557b9cdca5d

SnakeKeylogger

67223d2d06877753d37011fa5a9fac6f4155f3e341c56b874c2a6775649f51f0

SnakeKeylogger

9b82825864714597159caad95b64b68cbb976756b1989d4d38e782858e510589

SnakeKeylogger

cb3c37115d314c01bdc7c55e3d685ca91065842745fdf1b74f73a46be6ef27c6

SnakeKeylogger

+ 3'797 additional samples on MalwareBazaar

Result

Malware family:

snakekeylogger

Score:

10/10

Tags:

family:snakekeylogger collection discovery keylogger spyware stealer

Link:

https://tria.ge/reports/251014-m7acrshm9x/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Reads user/profile data of local email clients

Reads user/profile data of web browsers

Snake Keylogger

Snake Keylogger payload

Snakekeylogger family

Verdict:

Malicious

Tags:

404Keylogger

YARA:

n/a

Link:

https://app.threat.zone/submission/3122a2b8-5532-4825-bd77-b328a31de669

Unpacked files

SH256 hash:

adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490

MD5 hash:

0e70319987a5b1cd53be39ab9fed11ca

SHA1 hash:

390ed341eca790d915ad2a8996ccaa0fb23175ce

Link:

https://www.unpac.me/results/77e5b989-eb12-4182-ad6d-008857b4119f/

SH256 hash:

b794ed0c0c7d4499d0a2ffff67eb5b92dba83f4be7964591e9edad2755176511

MD5 hash:

2a576318d07470206dd7c45f7d896078

SHA1 hash:

3096b2a5ccd98583949a9f57842d5547b50bbc29

Link:

https://www.unpac.me/results/77e5b989-eb12-4182-ad6d-008857b4119f/

SH256 hash:

f9eda741e36de984f5764c76429ada284101b74abba47b708ac175c49f8227fe

MD5 hash:

48e1fdaf7662517c4e0f968966d4d7b0

SHA1 hash:

6320e1973e714027f3d4280c125ff36f51848f81

Detections:

win_404keylogger_g1

snake_keylogger

MAL_Envrial_Jan18_1

INDICATOR_SUSPICIOUS_Binary_References_Browsers

INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients

INDICATOR_SUSPICIOUS_EXE_DotNetProcHook

MALWARE_Win_SnakeKeylogger

Link:

https://www.unpac.me/results/77e5b989-eb12-4182-ad6d-008857b4119f/

Parent samples :

2ed366c595c98fbfe00e692f6d7e06dd237bc2fce08070b610e220083bdb1fe4
f9eda741e36de984f5764c76429ada284101b74abba47b708ac175c49f8227fe
b234827824cb6864880f9bcf498b15a4a15511e541906347af53f0cd5ed60290
adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490
91be01581d30136fc1d54926fb6fee17beb10959dae4ff07c9808c0244cce25c
8e95907c0b65f2f882de4d6bf69e0b62bf6ea0be2a87e5cc0ffa535fad492264
74bfc0967b1636ed58fbfc95523775dbef1e084910676b1e13a775095fec013e
626a21b142572a7729f9ee6746af1a1b21378e2f2457f8bfce9bdbe7d1fbe136
4255224f9842c7cb47d5d5d488d2f45674ac540f2b4652618dd2153acd3cd151
27af0f60f3069416ee2be26ee18589448518135832e18ae26e867a95d22d8065
324fcd15e9d6f1b0991ad5943a3178031c608d872cb810eeef48f11295490d6f
5b51788ca1b5ba91fd6f120c8264ea6ca4ae45db3dce9079f741d4e90d7dd341

SH256 hash:

28fc7aa197b9137ce8840e9b6906d811892b8a7333677a3339f1a179e02ceb5a

MD5 hash:

92682c14bb6732f76f58fa01d31dda74

SHA1 hash:

e2f7045147ffc762a6459ff6d147aa21cb1c5180

Detections:

SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24

SUSP_OBF_NET_Reactor_Indicators_Jan24

Link:

https://www.unpac.me/results/77e5b989-eb12-4182-ad6d-008857b4119f/

Malware family:

SnakeKeylogger

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/adbd8b904ab4/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/adbd8b904ab4bea6ff62fa51f68c11a1d1593fca88c8f556510f6a2764d98490

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	crime_snake_keylogger Create hunting rule
Author:	Rony (r0ny_123)
Description:	Detects Snake keylogger payload

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook Create hunting rule
Author:	ditekSHen
Description:	Detects executables with potential process hoocking

Rule name:	INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients Create hunting rule
Author:	ditekSHen
Description:	Detects executables referencing many email and collaboration clients. Observed in information stealers

Rule name:	MALWARE_Win_SnakeKeylogger Create hunting rule
Author:	ditekSHen
Description:	Detects Snake Keylogger

Rule name:	MAL_Envrial_Jan18_1 Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects Encrial credential stealer malware
Reference:	https://twitter.com/malwrhunterteam/status/953313514629853184

Rule name:	MAL_Envrial_Jan18_1_RID2D8C Create hunting rule
Author:	Florian Roth
Description:	Detects Encrial credential stealer malware
Reference:	https://twitter.com/malwrhunterteam/status/953313514629853184

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name:	Windows_Trojan_SnakeKeylogger_af3faa65 Create hunting rule
Author:	Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/32663/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample